Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/12/2020
10:00 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Coronavirus, Data Privacy & the New Online Social Contract

How governments can protect personal privacy in contact tracing while saving peoples' lives

When Jean-Jacques Rousseau wrote The Social Contract in 1762, he argued that only humans possess sovereign power, and that they alone may choose which freedoms they surrender in exchange for the benefits and stability of government. Now, for the first time in more than a century, we are debating amending or rebalancing aspects of the social contract in order to deal with a deadly pandemic.

One of the key challenges associated with containing the spread of the coronavirus that causes COVID-19 is contact tracing: identifying other individuals and groups with whom a COVID-19-positive individual may have been in contact. Under normal circumstances, the mere idea of using any form of mobile phone data to track users en masse for a purpose they never consented to would be anathema to the spirit of regulations like GDPR and CCPA. But, of course, these are not normal circumstances.

COVID-19 contact tracing is different in that complete anonymization is not possible when identifying COVID-19-positive individuals. To protect others, health systems already track COVID-19 cases and do everything in their power to perform contact tracing. The question is: How can technology help in a way that doesn't fundamentally violate our expectations around privacy?

Privacy vs. Public Health
Governments could use or access mobile phone location information without user consent. The drawback of this is clear: If governments can justify accessing this data in this circumstance, in what other contexts might they also unilaterally decide to use it after COVID-19 has passed? There are also purely opt-in approaches where individuals who want to participate in contact tracing can download an app. But you need a very large number of people to run an app for a contact-tracing program built around it to be effective.

Google and Apple have proposed an intriguing middle ground. By building new capabilities into the iOS and Android operating systems specifically to enable close proximity contact tracing with some anonymization built in, they are using technology that helps limit data collection and analysis to just what is essential. For example, the system will use Bluetooth signals, which have an inherently limited range, and only the ability to determine relative proximity to other devices, while banning the use of location tracking, according to MIT Technology Review, which would store a device's absolute geographic position. When these capabilities are released, if they are turned on by default, they could allow apps built on the platform to gain more users and result in more effective contact-tracing programs.

With greater access to this information, governments could have accurate contact tracing, which would allow the entire societal approach to prevention, containment, and mitigation of COVID-19 to improve. But the pivotal word here is "could." Privacy advocates are quick to point out there's no way of knowing with certainty that this data would improve contact-tracing efficacy enough to save many lives. But there's really no way of knowing until access is granted, and there's no way to get the people of an entire country — let alone an entire planet — to consent to their data being utilized.

The Andon Cord, Digital Edition
The possibility that technology we already have could protect us against the pandemic is too great a public health benefit to not at least explore. The question is, how to guard against the obvious downsides of eroding data privacy controls? The answer lies in recognizing this is an extraordinary circumstance, and should be handled as such. Many industries have spent a fair bit of time thinking about how to deal with emergencies. In the heyday of manufacturing, when a problem arose in a Toyota factory, employees were empowered to halt the assembly line the moment anyone discovered a problem. The trigger was pulling the "andon cord" so that team leaders and workers could huddle together to solve the problem and restart production following formalized steps.

Today, governments need a similar system they can utilize when a dire emergency overrides privacy concerns. But an andon cord of data usage should have three major components:

1. A point of instigation. The protocol should indicate factors for determining catastrophe on a spectrum — for instance, the highest level would be if the continuation of our species was at risk.

2. A point of demarcation. Privacy limits need to be reimposed after de-escalation. That should be set with an actual date and time at the outset of the andon cord pull.

3. A point of privacy. Wherever additional data is collected, it should be collected in a privacy-preserving fashion if possible. Approaches such as MIT's Private Kit, a contact-tracing app, allows infected persons to share their location trail to health officials, but that information is anonymized and patient data is stored locally.

It's necessary for governments to outline the three components above publicly, placing emphasis on steps they take to maintain privacy and the exact date they plan on stopping data usage. In the Patriot Act of 2001, Congress agreed to extend the government's powers in exchange for greater national security for a period of time, but the sunsetting kept being postponed. That cannot happen in an andon cord situation. Any time a government violates a social contract, it risks losing the trust of the public. Without transparency around pulling a data andon cord, there will be backlash. And that backlash would likely end in people actively blocking their devices, defeating the whole point of utilizing that data for public health.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Cybersecurity Home School: Garfield Teaches Security."

Shuman Ghosemajumder is global head of artificial intelligence at F5 Networks (NASDAQ: FFIV). Shuman was previously chief technology officer of Shape Security, which was acquired by F5 in 2020. Shape's technology platform is the primary application defense for the world's ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25821
PUBLISHED: 2020-09-23
** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-3130
PUBLISHED: 2020-09-23
A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP re...
CVE-2020-3133
PUBLISHED: 2020-09-23
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit t...
CVE-2020-3135
PUBLISHED: 2020-09-23
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based...
CVE-2020-3137
PUBLISHED: 2020-09-23
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because th...